Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

With golang 1.20, govmomi will report issue validating certificate #736

Closed
lubronzhan opened this issue Jul 10, 2023 · 2 comments
Closed

With golang 1.20, govmomi will report issue validating certificate #736

lubronzhan opened this issue Jul 10, 2023 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@lubronzhan
Copy link
Contributor

What happened?

Opened an issue in govmomi as well
vmware/govmomi#3174

Right now if i compile from master branch with golang 1.20, even with correct thumbprint config, govmomi will report error like

E0710 05:47:19.253974       1 connectionmanager.go:147] Cannot connect to vCenter with err: Post "https://10.191.133.186:443/sdk": tls: failed to verify certificate: x509: cannot validate certificate for 10.191.133.186 because it doesn't contain any IP SANs
E0710 05:47:20.258996       1 connection.go:181] Failed to create new client. err: Post "https://10.191.133.186:443/sdk": tls: failed to verify certificate: x509: cannot validate certificate for 10.191.133.186 because it doesn't contain any IP SANs
E0710 05:47:20.259047       1 connection.go:67] Failed to create govmomi client. err: Post "https://10.191.133.186:443/sdk": tls: failed to verify certificate: x509: cannot validate certificate for 10.191.133.186 because it doesn't contain any IP SANs
E0710 05:47:20.259058       1 connectionmanager.go:147] Cannot connect to vCenter with err: Post "https://10.191.133.186:443/sdk": tls: failed to verify certificate: x509: cannot validate certificate for 10.191.133.186 because it doesn't contain any IP SANs

What did you expect to happen?

CPI should be working without certificate validation error when using golang 1.20

How can we reproduce it (as minimally and precisely as possible)?

  1. Bumped Cloud-provider-vsphere to use golang1.20
  2. Govmomi version is 0.30.4
  3. Then compile and deploy Cloud-provider-vsphere with correct tlsthumbprint config
  4. Error shows up
E0710 05:47:20.259058       1 connectionmanager.go:147] Cannot connect to vCenter with err: Post "https://10.191.133.186:443/sdk": tls: failed to verify certificate: x509: cannot validate certificate for 10.191.133.186 because it doesn't contain any IP SANs

Anything else we need to know (please consider providing level 4 or above logs of CPI)?

No response

Kubernetes version

$ kubectl version
# paste output here

Cloud provider or hardware configuration

OS version

# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here

Kernel (e.g. uname -a)

Install tools

Container runtime (CRI) and and version (if applicable)

Related plugins (CNI, CSI, ...) and versions (if applicable)

Others
@lubronzhan lubronzhan added the kind/bug Categorizes issue or PR as related to a bug. label Jul 10, 2023
@lubronzhan
Copy link
Contributor Author

Merged in https://github.com/vmware/govmomi/tree/v0.30.6. Will pick up this one for 1.27

@lubronzhan lubronzhan mentioned this issue Jul 18, 2023
Merged
@lubronzhan
Copy link
Contributor Author

Fixed in 1.27.0

@wyike wyike mentioned this issue Aug 25, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lubronzhan